It is well established that input of a password by a computer user is the most widely used approach for authenticating the identity of the user. Nevertheless, there is always concern that the input password may be detected and stolen by a malicious software program or hardware device, because the input password is simply a combination of keystrokes. Software such as key logger programs, as well as hardware devices, can detect and store typed user passwords. Key logger programs copy a computer user's keystrokes to a file, which is sent to a hacker at a later time. Often the key logger software will only awaken when a computer user connects to a secure Web site such as a bank. It then logs the keystrokes, which may include account numbers, PINs and passwords, before they are encrypted by the secure Web site. There are also hardware key logger devices that attach unobtrusively to a keyboard cable and record a user's keystrokes (such as typed passwords) for later retrieval for malicious use.
Certain software applications make use of special keyboard software in order to solve this keystroke logging problem; however, an input password may still be captured onscreen. Onscreen capturing works in the following manner. Keylogger software with screen capturing functionality will awaken when a computer user connects to a secure Web site (such as a bank). Any mouse click event will trigger a screen capture of the area around the position of the mouse click. This series of screen-captured files will be stored for later retrieval (e.g., sent back to a hacker's computer).
Some applications use fingerprint identification or a dynamic code delivered through a mobile telephone for identity authentication, but these techniques require additional devices attached to the computer or telephone. The dynamic code technique does not use a fixed password for authentication of the identity. Every time a computer user wants to log in, he uses his mobile telephone to retrieve a dynamically generated code from a remote site. The code is basically disposable and will be invalid after login; the user needs to acquire another code from the remote site the next time.
Therefore, a technique is desired that would allow secure input of a password into a computer, telephone or similar device.